Interface issues USG60

Options
N77
N77 Posts: 3
First Comment
edited April 2021 in Security
My firewall performance drops over time and I can see increasing number of interface messages on syslog.

47
2018-08-21 19:49:36
debug
Default
kernel: eth0: 100 Mbps Full duplex, port 17
 
 
 
49
2018-08-21 19:49:27
debug
Default
kernel: eth0: 100 Mbps Full duplex, port 17
 
 
 
50
2018-08-21 19:46:37
debug
Default
kernel: eth0: 100 Mbps Full duplex, port 17

First this happens a few times every now (1-20 minutes) and then, after a few days I get these every few seconds. Reboot always helps for a couple days until throughput declines again.

I have changed all by cables and done the basics to figure out if this is external issue, but now I went on to try my secondary internet port for a day and I get no syslog errors on it at all.

According to graphs by observium the only notable difference is that eth_base acts differently while using wan1 and wan2 links, red shows my one day test on wan2 link



my config is fairly simple with only one minor differences; dhcp metric and ipv6 - ipv6 is globally disabled so I'd assume that has no impact as should not the dhcp metric.

interface-name ge1 Internet
interface-name ge2 Internet2
!
interface Internet
 ip address dhcp
 type external
 description Internet
 upstream 1048576
 downstream 1048576
 mtu 1500
 ipv6 dhcp6 address-request
 igmp activate
 no ip proxy-arp activate
!
interface Internet2
 type external
 description Internet2
 ip address dhcp metric 0
 upstream 1048576
 downstream 1048576
 mtu 1500
 igmp activate
 no ip proxy-arp activate
!

Any pro tips? :)

Thanks!

Comments

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @N77

    This log should coming from when physical layer is negotiating when linkup.

    May we know more detail information on your environment:

    (1) What is the speed supported on your device? 1000M or 100M? (maybe you can let us know the product name)

    (2) Please use CLI command shows physical negotiation result when connecting WAN1 and WAN2 on USG

    Router# show port status<b></b>
    (3) How about the test result if connecting a switch between your modem and USG60?
    e.g. Internet------modem-----switch------USG60
  • N77
    N77 Posts: 3
    First Comment
    Options
    Hi,

    1)

    I am not entirely sure what you mean by product name, other than USG60? 

    Router# show version
    Zyxel Communications Corp.
    image number model                            firmware version                                                  build date           boot status
    ===============================================================================
    1            USG60                            V4.32(AAKY.0)                                                     2018-07-12 10:31:26  Running
    2            USG60                            V4.30(AAKY.0)                                                     2017-11-23 21:17:51  Standby

    Link speed supported is 1000M but I have only 100M ethernet uplink.

    2) 
    Router# show port status
    Port Status     TxPkts     RxPkts     Colli.  TxB/s      RxB/s      Up Time
    ===============================================================================
    1    Down       10969779   12495178   0       0          0          00:00:00    
    2    100M/Full  6188714    7546128    0       970        10984      03:50:11    
    3    Down       0          0          0       0          0          00:00:00    
    4    Down       0          0          0       0          0          00:00:00    
    5    Down       0          0          0       0          0          00:00:00    
    6    1000M/Full 20369606   17957030   0       12468      2222       36:20:56    

    (I have switched to port 2 now as it seems to be more stable)

    3)
    I have ethernet link towards my ISP (shared fiber between apartments) and I am blindly connecting to their switch at 100F through ethernet jack in my apartment; ISP -> Shared switch -> USG60

    However I have tried adding TP-link switch in between and the behavior is exactly the same.
    ISP -> shared switch -> TP-link TL-SG2008 -> USG60 
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited August 2018
    Options

    Hi @N77

    Can you try to fix the port as full 100Mbps on your USG60.

     Please use this command:

    Router# configure terminal

    Router(config)# port status Port1

    Router(config-port-status)# no negotiation

    Router(config-port-status)# speed 100

    Router(config-port-status)# duplex


    Moreover, can you also check the port speed/duplex/auto negotiation modes on the TP-link switch settings? And also check the Ethernet cable is 8 pin.


  • N77
    N77 Posts: 3
    First Comment
    Options
    Hi,

    Done but still get the message within minutes after completed

    1
    2018-08-23 15:21:05
    debug
    Default
    kernel: eth0: 100 Mbps Full duplex, port 17

    Also since I have TP link in between I can use 1000M link TP-link<-> USG60 and 100M ISP <-> TP so I tried both autoneg on TP-link and USG60 at 1000M and 100 full duplex without autoneg at both per your suggestion.

    I am thinking at this point that the eth0 might actually just have hardware failure since everything works ok on eth1. (I see nothing physically wrong with eth0, no bent connectors or such)

    I have cat6 and cat5 cables I tried with and the cable is 2 meters so I am gaining confidence in the fact that this is just a hardware failure at USG60 side.

    What makes it odd is that reboot seems to help temporarily and it takes couple days before the performance goes really bad and the frequency of messages increases so I was thinking this could be some sort of counter overrun/leak issue too, but then again that should also impact second port?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @N77
    I will send you private message for check this issue more detail.

Security Highlight